diff --git a/NEWS b/NEWS index 8ddd35ae7ba1d451a3018f7452b36d077d7c390b..839084d656e2b6adeb8383ac19a888dd63e774a3 100644 --- a/NEWS +++ b/NEWS @@ -9,6 +9,7 @@ Bugfixes -------- - dnstap module: don't break request resolution on dnstap errors (!1147) - cache garbage collector: fix crashes introduced in 5.3.0 (!1153) +- policy.TLS_FORWARD: better avoid dead addresses (#671, !1156) Knot Resolver 5.3.0 (2021-02-25) diff --git a/lib/selection.c b/lib/selection.c index 853be4d044c028af11305338faefe8d57ff18283..56530cba793a3ab5d757a26da202a1e4492097c3 100644 --- a/lib/selection.c +++ b/lib/selection.c @@ -596,6 +596,14 @@ void error(struct kr_query *qry, struct address_state *addr_state, switch (sel_error) { case KR_SELECTION_OK: return; + case KR_SELECTION_TCP_CONNECT_FAILED: + case KR_SELECTION_TCP_CONNECT_TIMEOUT: + qry->server_selection.local_state->force_udp = true; + qry->flags.NO_0X20 = false; + /* Connection and handshake failures have properties similar + * to UDP timeouts, so we handle them (almost) the same way. */ + /* fall-through */ + case KR_SELECTION_TLS_HANDSHAKE_FAILED: case KR_SELECTION_QUERY_TIMEOUT: qry->server_selection.local_state->timeouts++; /* Make sure that the query was chosen by this query and timeout wasn't capped @@ -654,11 +662,6 @@ void error(struct kr_query *qry, struct address_state *addr_state, qry->flags.NO_MINIMIZE = true; } break; - case KR_SELECTION_TCP_CONNECT_FAILED: - case KR_SELECTION_TCP_CONNECT_TIMEOUT: - qry->server_selection.local_state->force_udp = true; - qry->flags.NO_0X20 = false; - break; case KR_SELECTION_NOTIMPL: case KR_SELECTION_OTHER_RCODE: case KR_SELECTION_DNSSEC_ERROR: @@ -667,9 +670,6 @@ void error(struct kr_query *qry, struct address_state *addr_state, /* These errors are fatal, no point in trying this server again. */ addr_state->broken = true; break; - case KR_SELECTION_TLS_HANDSHAKE_FAILED: - /* These might get resolved by retrying. */ - break; default: assert(0); break; diff --git a/lib/selection.h b/lib/selection.h index ca98fa6b6719afccafb2aea631342f81f1d104e0..02ef5b5a1dc3d6d410140fbeb36dbf36b3f18577 100644 --- a/lib/selection.h +++ b/lib/selection.h @@ -150,6 +150,7 @@ int kr_forward_add_target(struct kr_request *req, const struct sockaddr *sock); struct rtt_state { int32_t srtt; /**< Smoothed RTT, i.e. an estimate of round-trip time. */ int32_t variance; /**< An estimate of RTT's standard derivation (not variance). */ + /** Note: some TCP and TLS failures are also considered as timeouts. */ int32_t consecutive_timeouts; /** Timestamp of pronouncing this IP bad based on KR_NS_TIMEOUT_ROW_DEAD */ uint64_t dead_since;